Setting up Solr with SSL for Sitecore 9

Rameez Akram -

As soon as I heard Sitecore 9 was out, I immediately jumped on to set it up. In order to use Analytics, Sitecore requires SSL enabled Solr. The installation experience was mostly painless using the new Sitecore Installation Framework (more on that in a separate post). However, I did notice that setting up Solr with SSL took some time. To save you the hassle, here’s a simple step-by-step guide on how to go about it.

Get Solr

Download solr-6.6.2 and unzip to C:\Program Files\solr-6.6.2:
https://archive.apache.org/dist/lucene/solr/6.6.2/solr-6.6.2.zip

Install JRE

Make sure you have JRE installed. If not download from:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

Create Keystore

We will use the JDK Keytool command to create the required certificates. Run the following in command prompt with administrative privileges. Change the path to the executable based on the path of your JRE installation. You may also want to update the password and the certificate attributes (CN, OU etc):

“C:\Program Files\Java\jre-9.0.1\bin\keytool.exe” -genkeypair -alias solr-ssl -keyalg RSA -keysize 2048 -keypass secret -storepass secret -validity 9999 -keystore solr-ssl.keystore.jks -ext SAN=DNS:localhost,IP:127.0.0.1 -dname “CN=localhost, OU=Organizational Unit, O=Organization, L=Location, ST=State, C=Country”

After running the above command, a keystore file called solr-ssl.keystore.jks will be created in the current directory.

Generate certificate

Run the following in command prompt with administrative privileges. Update the password if you changed it from the default during the previous step:

“C:\Program Files\Java\jre-9.0.1\bin\keytool.exe” -importkeystore -srckeystore solr-ssl.keystore.jks -destkeystore solr-ssl.keystore.p12 -srcstoretype jks -deststoretype pkcs12

This will generate a certificate called solr-ssl.keystore.p12 in the current directory

Install certificate

Double click on the generated solr-ssl.keystore.p12 file and follow the wizard to import the certificate. When you reach the Certificate Store window, make sure to place the certificate in the Trusted Root Certification Authorities.

Move keystore and certificate to Solr

Copy the generated certificate and keystore files (solr-ssl.keystore.jks, solr-ssl.keystore.p12) to C:\Program Files\solr-6.6.2\server\etc.

Enable SSL in Solr

To enable SSL, edit the file C:\Program Files\solr-6.6.2\bin\solr.in.cmd. Uncomment properties starting with Solr_SSL_*:

Test start Solr

To start SOLR, run the following in command prompt with administrative privileges:

C:\Program Files\solr-6.6.2\bin\solr.cmd -p 8984

Once successfully started up, you should be able to navigate to https://localhost:8984 to make sure that the instance is running.

If no errors are encountered and Solr started successfully, stop Solr by running the command:

C:\Program Files\solr-6.6.2\bin\solr.cmd stop -all

Setup Solr to run as a Windows service

Download and extract Non-Sucking Service Manager from https://nssm.cc/download.

Run the following in command prompt with administrator privileges. Update path to where you extracted nssm:

“C:\nssm-x.xx\win64\nssm.exe” install SOLR6

Set the path to ‘C:\Program Files\solr-6.6.2\bin\solr.cmd’ and Arguments to ‘start -f -p 8983’:

Finally, start the SOLR6 windows service and navigate to https://localhost:8983 to make sure Sorl is running.